The present invention is related generally to the use of encrypted information and data for authentication purposes and, in particular, to the authentication of a client of an Internet Service provider (ISP) in on-line applications.
In telephone services, when a caller makes a phone call to a called party, it is possible for the called party to identify the caller via a caller ID service provided by the telephone company. With the caller ID service, the telephone number and/or the name of the caller can be provided to the called party, usually as text to be displayed on the called party""s terminal, or as caller-ID boxes on dedicated lines.
In on-line applications that use a communication network, such as the Internet or an Internet-like network, it is currently impossible to send caller ID information forward from the service provider with which the client is connected. For example, if a client requests a service or wishes to make a purchase from a supplier through the Internet, it is currently almost impossible to authenticate the client through the Internet. Presently, it is possible to authenticate an individual by way of certificates. A certificate is an electronic document used to identify an individual, a company or some other entity and to associate that identity with a public key. The certificate, which can be issued by a Certificate Authority (CA), binds a particular public key to the name of the entity that the certificate identifies. For that purpose, the certificate always includes the name of the entity, the entity""s public key and a digital signature of the issuing CA. As it is well known in the art, a digital signature is a digital signed message. The message serves as a xe2x80x9cletter of introductionxe2x80x9d for the recipients who know and trust the CA but do not know the entity identified by the certificate. In this case, the message is first converted into a digest by a one-way hash function, and the digest is encrypted with the CA""s private key into a digital signature. The digital signature is sent to the message recipient along with a CA""s public key certificate and a copy of the original message. In operation, when the CA sends a signed message with a certificate attached thereto, the recipient verifies the authenticity of the certificate by using the CA""s public key. The recipient also generates a digest of the message sent using the same one-way hash function and compares this digest with the digital signature decrypted using the CA""s public key for an exact match. With this method, the identity of an entity can be authenticated by a certificate. However, before issuing a certificate, the CA must use its published verification procedures for that type of certificate to ensure that an entity requesting a certificate is, in fact, who it claims to be.
Currently, there are a number of ways to obtain public key certificates. Some of these depend on little or no ceremony while others can consume a great deal of time with their ceremonial requirements. Certificates based on the former are easy to get but have more risk associated with their use as compared to the certificates created with greater ceremony.
In each case, the risk involved relates to the level of trust associated with the usage of the certificate. The more effort put into the identification of the certificate owner, the more trust there is in the digital signatures generated from the certificate""s associated private key. The level of trust is based on the published Certificate Practice Statement (CPS) that the certificate issuer adheres to when creating a certificate. In the case of this invention, the CPS defines the steps that are performed when using the caller-id in the creation of the certificate. Included in the certificate is a reference to the applicable CPS.
The Internet Engineering Task Force (IETF) Public Key Infrastructure (PKIX) working group has defined standards for certificate management. Specifically, the most common of these standards is referred to as X.509. Other certificate standards include Simple Public Key Infrastructure (SPKI) and Pretty Good Privacy (PGP). The X.509 certificate includes the following information: version, serial number, signature, algorithm identifier, issuer name, validity period, subject name, issuer and authorization attributes. Such certificates are well known to those skilled in the art.
This invention provides a balance between the burden required to obtain the certificate and the risk involved in its use. By using the caller-id feature associated with the use of private communication connectionsxe2x80x94land based telephone line, Digital Subscriber Line (DSL), etc.xe2x80x94it is possible to create a certificate that is easy for the client to obtain and yet has a high-degree of confidence when used to authenticate the client""s behavior.
The problem is that it is difficult to ensure that the entity requesting a certificate is, in fact, who it claims to be. The verification procedures usually involve a variety of complicated registration processes.
Thus, it is advantageous and desirable to provide a simple method to obtain the identity of the entity to be authenticated, so that when the entity requests a service or places an order on the Internet, the identity of the requesting entity can be authenticated.
The first aspect of the present invention is a method for creating a certificate for a client of a service provider of a communications network wherein the client has a client private key and a client public key. The method comprises the steps of:
establishing a communications link with the service provider through a dedicated communication channel;
requesting a client certificate from the service provider;
obtaining caller identifying information from an operator of the dedicated communication channel; and
creating the requested client certificate using the caller identifying information.
Preferably, the method further comprises the step of verifying that the caller identifying information obtained from the operator of the dedicated communication channel is the same as client information provided by the client when requesting the client certificate.
Preferably, the method also includes the step of collecting client information by the service provider, which signs the client information into the certificate, wherein the client information includes a time-stamp for recording the time at which the certificate is created.
Preferably, the method further comprises the steps of retrieving the certificate from the caller ID server prior to verifying the signed challenge and retrieving the certificate from the client""s storage prior to verifying the signed challenge.
When the caller ID includes a phone number of a client""s telephone at a first site, it is preferable that the method further comprises the steps of:
generating an additional certificate having a value indicative of a communication device used by the client at a second site different from the first site, and
verifying the additional certificate with the client public key, wherein the value includes a MAC address of the communication device.
It is possible that the operator of the dedicated communication channel is a telephone company and the caller identifying information is a caller ID.
It is possible that the communications network is the Internet and the service provider is an Internet service provider, and the service provider includes a telephone service company.
The second aspect of the present invention is a system for creating a certificate for a client of a service provider of a communications network wherein the client has a client private key and a client public key. The system comprises:
a dedicated communication channel, for providing a communications link between the client and the service;
a mechanism for providing a first signal via the communications link, requesting a client certificate from the service provider;
a mechanism, in response to the first signal, for obtaining caller identifying information from an operator of the dedicated communication channel, and for providing a second signal indicative of the caller identifying information; and
a mechanism, in response to the second signal, creating the requested client certificate using the caller identifying information.
Preferably, the system further comprises a mechanism for verifying that the caller identifying information obtained from the operator of the dedicated communication channel is the same as client information provided by the client when requesting the client certificate.
Preferably, the system further comprises a mechanism for collecting client information by the service provider, which signs the client information into the certificate, wherein the client information includes a time-stamp for recording the time at which the certificate is created.
Preferably, the system further comprises a mechanism for retrieving the certificate from the caller ID server prior to verifying the signed challenge and retrieving the certificate from the client""s storage prior to verifying the signed challenge.
When the caller ID includes a phone number of a client""s telephone at a first site, it is preferable that the system further comprises:
a mechanism for generating an additional certificate having a value indicative of a communication device used by the client at a second site different from the first site, and for verifying the additional certificate with the client public key, wherein the value includes a MAC address of the communication device.